All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Xu, Quan" <quan.xu@intel.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: "samuel.thibault@ens-lyon.org" <samuel.thibault@ens-lyon.org>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: FW: FW: [PATCH 1/6] vTPM: event channel bind interdomain with para/hvm virtual machine
Date: Fri, 31 Oct 2014 02:06:46 +0000	[thread overview]
Message-ID: <945CA011AD5F084CBEA3E851C0AB28890E81D298@SHSMSX101.ccr.corp.intel.com> (raw)
In-Reply-To: <54528379.5080107@tycho.nsa.gov>

Forward to mail list. 
Thanks for your comment, I will read it in detail and try out some of your suggestions. 

Quan
> -----Original Message-----
> From: Daniel De Graaf [mailto:dgdegra@tycho.nsa.gov]
> Sent: Friday, October 31, 2014 2:29 AM
> To: Xu, Quan
> Cc: samuel.thibault@ens-lyon.org
> Subject: Re: FW: [PATCH 1/6] vTPM: event channel bind interdomain with
> para/hvm virtual machine
> 
> On 10/30/2014 11:06 AM, Xu, Quan wrote:
> [...]
> >> +   domid = (domtype == T_DOMAIN_TYPE_HVM) ? 0 : tpmif->domid;
> 
> This seems to preclude the use of stub domain device models for HVM domains;
> in that case, the event channel/grant page would need to be mapped to the stub
> domain.  I think it may be better to pass in the target domain ID in xenstore
> rather than overriding it based on PV vs HVM.  In any case, in order to support
> HVM domains with PV drivers, an additional backend/frontend pair is required
> for QEMU rather than redirecting the existing vTPM to the device model's
> domain.
> 
> I would suggest attaching the vTPM directly to domain 0, but that would cause
> the vTPM to be picked up by the dom0 kernel instead of by QEMU, so that is not
> helpful.  If there is an existing solution for disk or network driver domains
> attached to HVM, the solution used there should be mirrored here; I have not
> looked to see how (or if) it is solved in those drivers.
> 
> A solution needs to be able to handle:
> 
> 1. Existing PV domains
> 2. HVM domain using TIS MMIO and no stubdom - without special casing dom0 3.
> HVM domain using TIS MMIO via a stubdom 4. Linux HVM domain with the PV
> vTPM driver (talks directly to the vTPM)
> 
> Similar to network and disk, when an OS that understands Xen devices finds a
> vTPM interface, it should detach/ignore the MMIO TPM interface.
> The vTPM domain is set up to handle this case: multiple connections to a single
> vTPM domain are permitted and will all talk to the same TPM instance.  Locality
> restrictions are based on the event channel endpoint, and so will still work even
> when tpmif->domid is incorrect; this is required to properly implement the DRTM
> if it is to be emulated.
> 
> --
> Daniel De Graaf
> National Security Agency

  parent reply	other threads:[~2014-10-31  2:06 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-30  7:38 [PATCH 0/6] vTPM: Xen stubdom vTPM for HVM virtual machine Quan Xu
2014-10-30  7:38 ` [PATCH 1/6] vTPM: event channel bind interdomain with para/hvm " Quan Xu
     [not found]   ` <945CA011AD5F084CBEA3E851C0AB28890E81D119@SHSMSX101.ccr.corp.intel.com>
     [not found]     ` <54528379.5080107@tycho.nsa.gov>
2014-10-31  2:06       ` Xu, Quan [this message]
2014-11-06 16:55       ` FW: " Xu, Quan
2014-11-07  7:15         ` Xu, Quan
2014-10-30  7:38 ` [PATCH 2/6] vTPM: add HVM_PARAM_STUBDOM_VTPM parameter for HVM " Quan Xu
2014-10-30 11:49   ` Andrew Cooper
2014-10-30 12:05     ` Xu, Quan
2014-10-30 12:17       ` Andrew Cooper
2014-10-30 13:34         ` Stefano Stabellini
2014-10-30 14:22           ` Xu, Quan
2014-10-31 17:50             ` Stefano Stabellini
2014-11-02 11:03               ` Xu, Quan
2014-10-30 14:13         ` Xu, Quan
2014-10-31  7:01     ` Xu, Quan
2014-10-30  7:38 ` [PATCH 3/6] vTPM: limit libxl__add_vtpms() function to para " Quan Xu
2014-10-30  7:38 ` [PATCH 4/6] vTPM: add TPM TCPA and SSDT for HVM virtual machine when vTPM is added Quan Xu
2014-10-30  7:38 ` [PATCH 5/6] vTPM: add vTPM device for HVM virtual machine Quan Xu
2014-10-30  7:38 ` [PATCH 6/6] vTPM: add QEMU_STUBDOM_VTPM compile option Quan Xu
2014-11-03 11:30 ` [PATCH 0/6] vTPM: Xen stubdom vTPM for HVM virtual machine Stefano Stabellini
2014-11-05  9:18   ` Xu, Quan
2014-11-05 11:01     ` Stefano Stabellini
2014-11-05 13:20       ` Xu, Quan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=945CA011AD5F084CBEA3E851C0AB28890E81D298@SHSMSX101.ccr.corp.intel.com \
    --to=quan.xu@intel.com \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=samuel.thibault@ens-lyon.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.